package com.cskaoyan.shiro;

import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Properties;

@Configuration
public class ShiroConfig {

    //对url进行过滤操作
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManagerz){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //注入securityManager
        shiroFilterFactoryBean.setSecurityManager(securityManagerz);

        //认证失败后重定向的url
        shiroFilterFactoryBean.setLoginUrl("/admin/auth/noLogin");

        //设置没有权限的URL
        shiroFilterFactoryBean.setUnauthorizedUrl("/admin/auth/noPermission");

        //最重要的事情
        //对请求过滤 filter
        //key 请求url value对应的是过滤器
        LinkedHashMap<String, String> filterMap = new LinkedHashMap<>();
        //anon匿名,authc需要认证
        filterMap.put("/admin/auth/login", "anon");
        filterMap.put("/admin/auth/noLogin", "anon");
        filterMap.put("/admin/auth/noPermission", "anon");
        filterMap.put("/wx/auth/login","anon");
        filterMap.put("/wx/cart/**","authc");
        filterMap.put("/admin/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }

    //shiro核心组件 SecurityManager
    @Bean
    public DefaultWebSecurityManager securityManagerz(WxRealm wxRealm, AdminRealm adminRealm,DefaultWebSessionManager webSessionManager,CustomAuthenticator authenticator){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        //defaultWebSecurityManager.setRealm(wxRealm);
        defaultWebSecurityManager.setSessionManager(webSessionManager);
        defaultWebSecurityManager.setAuthenticator(authenticator);
        List<Realm> realms=new ArrayList<>();
        realms.add(wxRealm);
        realms.add(adminRealm);
        defaultWebSecurityManager.setRealms(realms);
        return defaultWebSecurityManager;
    }

    //声明式鉴权 注解需要的组件
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManagerz){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManagerz);
        return authorizationAttributeSourceAdvisor;
    }

    //通过sessionId保证前后端分离的项目,采用同一个session
    @Bean
    public DefaultWebSessionManager webSessionManager(){
        CustomSessionManager customSessionManager = new CustomSessionManager();
        return customSessionManager;
    }

    @Bean
    public SimpleMappingExceptionResolver simpleMappingExceptionResolver() {

        SimpleMappingExceptionResolver simpleMappingExceptionResolver = new SimpleMappingExceptionResolver();
        Properties mappings = new Properties();
        simpleMappingExceptionResolver.setExceptionMappings(mappings);
        return simpleMappingExceptionResolver;
    }

    @Bean
    public CustomAuthenticator authenticator(AdminRealm adminRealm, WxRealm wxRealm){
        CustomAuthenticator customAuthenticator = new CustomAuthenticator();
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(adminRealm);
        realms.add(wxRealm);
        customAuthenticator.setRealms(realms);
        return customAuthenticator;
    }

}
